以下是按預期工作的PHP代碼的摘錄。
但我想修改sql查詢。 除非設置了相應的第一,第二,第三個變量,否則內連接b,c,d,e不應該成爲查詢的一部分。
$word_first=$_GET["first"];
$word_second=$_GET["second"];
$word_third=$_GET["third"];
$word_forth=$_GET["forth"];
$word_fifth=$_GET["fifth"];
$word_sixth=$_GET["sixth"];
$word_seventh=$_GET["seventh"];
$word_eighth=$_GET["eighth"];
$query="select id, word from toprint as a
inner join syl as b on b.word_id = a.id and b.char_id = '1' AND b.mychar LIKE '%".$word_first. "%'
inner join syl as c on c.word_id = a.id and c.char_id = '2' AND c.mychar LIKE '%".$word_second. "%'
inner join syl as d on d.word_id = a.id and d.char_id = '3' AND d.mychar LIKE '%".$word_third. "%'
inner join syl as e on e.word_id = a.id and e.char_id = '4' AND e.mychar LIKE '%".$word_forth. "%'
inner join syl as f on f.word_id = a.id and f.char_id = '5' AND f.mychar LIKE '%".$word_fifth. "%'
inner join syl as g on g.word_id = a.id and g.char_id = '6' AND g.mychar LIKE '%".$word_sixth. "%'
inner join syl as h on h.word_id = a.id and h.char_id = '7' AND h.mychar LIKE '%".$word_seventh. "%'
inner join syl as i on i.word_id = a.id and i.char_id = '8' AND i.mychar LIKE '%".$word_eighth. "%'
limit 2000";
[SQL注入警報(http://en.wikipedia.org/wiki/SQL_injection) – 2011-05-07 17:46:11
你可以寫一個有意義的和正確的標題? – markus 2011-05-07 17:56:23